Security firm Netragard has suspended its exploit acquisition program two weeks after it was found selling a potent piece of attackware to the Italian malware developer Hacking Team.
Netragard has long insisted that it sold exploits only to ethical people, companies, and governments. An e-mail sent in March and leaked by one or more people who compromised Hacking Team networks, however, showed Netragard CEO Adriel Desautels arranging the sale of an exploit that worked against fully patched versions of Adobe's Flash media player. Hacking Team, in turn has sold surveillance and exploit software to a variety of repressive governments, including Egypt, Sudan, and Ethiopia.
"Our motivation for termination revolves around ethics, politics, and our primary business focus," Desautels wrote in a blog post published Friday. "The Hacking Team breach proved that we could not sufficiently vet the ethics and intentions of new buyers. Hacking Team unbeknownst to us until after their breach was clearly selling their technology to questionable parties, including but not limited to parties known for human rights violations."